Vulnerabilities > Quarkus > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-15 CVE-2023-5720 Unspecified vulnerability in Quarkus
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain.
network
low complexity
quarkus
7.5
7.5
2023-10-04 CVE-2023-1584 Unspecified vulnerability in Quarkus
A flaw was found in Quarkus.
network
low complexity
quarkus
7.5
7.5
2023-09-20 CVE-2023-4853 Incorrect Authorization vulnerability in multiple products
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions.
network
high complexity
quarkus redhat CWE-863
8.1
8.1
2022-12-06 CVE-2022-4147 Unspecified vulnerability in Quarkus
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed.
network
high complexity
quarkus
7.5
7.5
2022-10-02 CVE-2022-42003 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
7.5
2022-10-02 CVE-2022-42004 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
7.5
2021-10-20 CVE-2021-2471 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).
network
oracle quarkus
7.9
7.9
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
7.5
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
7.5
2021-08-18 CVE-2021-37714 Infinite Loop vulnerability in multiple products
jsoup is a Java library for working with HTML.
network
low complexity
jsoup quarkus oracle netapp CWE-835
7.5
7.5